agenttesla | 0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

0bf1110ef3...5c.exe

windows7-x64

0bf1110ef3...5c.exe

windows10-2004-x64

Sharing

General

Target

0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
Size

563KB
Sample

240521-br8d3sdf53
MD5

6d078aa59c6189f23a10bac510c4a120
SHA1

5ca07e80d9b641018bc67da416848ffd106f7a5f
SHA256

0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
SHA512

fbb81274ae3a19a8937d298bf3f14db1a705d6562464540d744967ba5a476004d1e1dc2b462f94a940d03ae58ce27587a753ea072477eb56372aeb67d289ef54
SSDEEP

12288:x6X3bMUem352kyOBCqGjm7PH8t2VHiJba7mydO5Ox9Ew8:Q3bMZozywC/g/8t2Vz7myM5OUw8

Score

10^/10

agenttesla keylogger spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c.exe

Resource

win7-20240221-en

agenttesla keylogger spyware stealer trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c.exe

Resource

win10v2004-20240508-en

agenttesla keylogger spyware stealer trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

C2

https://api.telegram.org/bot6391280536:AAESZ3NYNHmB2sa_7hA_g6U5Mw3cJR9yhiI/

Targets

- Target
  
  0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
- Size
  
  563KB
- MD5
  
  6d078aa59c6189f23a10bac510c4a120
- SHA1
  
  5ca07e80d9b641018bc67da416848ffd106f7a5f
- SHA256
  
  0bf1110ef3290769bf40fcdc73b8df2b5cf509d1d90ebb4781f80b8a6ed1fe5c
- SHA512
  
  fbb81274ae3a19a8937d298bf3f14db1a705d6562464540d744967ba5a476004d1e1dc2b462f94a940d03ae58ce27587a753ea072477eb56372aeb67d289ef54
- SSDEEP
  
  12288:x6X3bMUem352kyOBCqGjm7PH8t2VHiJba7mydO5Ox9Ew8:Q3bMZozywC/g/8t2Vz7myM5OUw8
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan

© 2018-2025

Terms | Privacy